Email

I recently had to remove permissions from a mailbox that another user had “Full Access” or “Full Permissions” over. The original setup was done on the old Exchange 2010 server that was upgraded to 2016.

We had a customer complaining about emails stuck in the spam filter. They were getting an email with the subject line “(3) Incoming messages failed to sync”. In the email was a button to “Restore Messages”; however, when we hovered over the link the web address was for “https://cheapfixerproperties.com/…”.

We told the customer this was a phishing attempt, and to not click on that button. They already had. We ran a full Vipre scan on their machine.

We recently had a customer get an ISP change, and on the same day we were moving their DNS to GoDaddy. A few weeks later they noticed a bunch of emails bouncing back, with a lot of the email addresses being for Comcast. We weren’t sure if this was a GoDaddy, DNS, Exchange, or ISP issue.

It turned out that the ISP needed to add a PTR (pointer record) to the IP address.

We recently set up a new GoDaddy cPanel hosting account and set up the main email account for this domain. We didn’t want to miss any emails, so the email account was set up just like the old hosting cPanel email. We were hoping for a quick switch.

We were able to send from this new email account, but couldn’t receive email. We used the website http://www.mailtester.com and it was showing an error that the email address didn’t exist.

Back in the cPanel account I clicked on MX Entry and we could see it was set for “Remote Exchanger”. We changed this to “Local Exchanger” and everything was working.

We received an email from an old customer who got an email with the following message:

“I do know, xxxxxxx, is your password. You don’t know me and you are probably wondering why you are getting this e-mail, correct?

actually, I actually installed a malware on the adult vids (sexually graphic) site and do you know what, you visited this web site to have fun (you know what I mean). While you were watching video clips, your web browser started out functioning as a RDP (Remote Desktop) having a key logger which provided me access to your display screen as well as cam. after that, my software obtained all of your contacts from your Messenger, FB, as well as email.

What exactly did I do?

I created a double-screen video. 1st part displays the video you were watching (you’ve got a nice taste lol . . .), and 2nd part shows the recording of your web camera.

exactly what should you do?

Well, in my opinion, $2900 is a fair price for our little secret. You will make the payment through Bitcoin (if you do not know this, search “how to buy bitcoin” in Google).”

The biggest question was that it was a password the customer had used in the past. Our best guess is someone gained access to an account they had and was able to capture the name, email address and password. With this information they were able to get the scam started.

A Google search led me to others that have received this email, and they all confirmed it was a scam.

We had a customer discontinue their email package from GoDaddy and start to just use the cPanel email. A week later the customer wasn’t receiving emails. I could log in to the webmail and send, but I couldn’t receive.

The issue was with the DNS and the mail record. The MX had 2 records and the 2 CNAME entries had two mail records that needed to be deleted, and an MX & an A record needed to be added.

Here is the link I got from GoDaddy that gave me the settings I needed.